Freelancer profile translated to English.
Back to original languageAbout Farah
I intervene where cybersecurity challenges become critical: complex compliance programs, multi-entity environments, and strong regulatory requirements (DORA, NIS2, ISO 27001).
Senior GRC cybersecurity consultant with 12 years of experience in the banking sector, I support organizations in structuring, managing, and securing their compliance and risk management systems.
I don't just produce deliverables:
- I provide visibility
- I structure programs
- I facilitate decision-making at the executive level
I typically work on:
🔹 DORA / NIS2 program management at group level
🔹 Implementation or improvement of ISMS (ISO 27001)
🔹 Structuring cyber governance and risk and control frameworks
🔹 Risk management (EBIOS RM, ISO 27005)
🔹 Audit preparation and security (ISO, SWIFT, PCI DSS)
🔹 Cross-functional coordination between IT, business units, security, and procurement
🔹 Resilience & business continuity (BCP/DRP, BIA, cyber crisis exercises)
🔹 Awareness (group campaigns, DORA/PCI DSS workshops, phishing, executive training)
Accustomed to interacting with CISOs, CIOs, and Executive Committees, I position myself as a strategic partner, capable of aligning business objectives, regulatory constraints, and operational realities.
French
Native or bilingual
English
Fluent
Arabic
Native or bilingual
Can work on-site
Paris (up to 50km)
Experience
- STETCybersecurity ConsultantBANKING AND INSURANCEJuly 2022 - January 2026 (3 years and 6 months)Paris, FranceCyber compliance and audit management mission for a European payment infrastructure (ISO 27001, PCI DSS, SWIFT environment).
- Management of DORA & NIS2 compliance: gap analysis, EXCOM roadmap, information register, critical ICT service provider management, incident reporting process.
- Coordination of cybersecurity audits (ISO 27001, PCI DSS, SWIFT) and update of the PSSI.
- Redesign of Level 1/2 security internal control system, risk mapping, EXCOM reporting.
- Management of patching campaigns, monitoring of remediations from vulnerability scans, pentests, and audits.
- Design and delivery of group awareness campaigns and phishing exercises.
- BNP ParibasCybersecurity ConsultantBANKING AND INSURANCEJune 2019 - June 2022 (3 years)Paris, FranceSecurity governance mission within IT production teams focusing on four complementary areas: governance, risks, IAM/PAM, and vulnerabilities.Governance & Compliance:
- Supervision of security governance within IT production teams
- Deployment and monitoring of security KPIs and associated improvement plans
- Facilitation of security & risk workshops with IT teams
- Security validation of applications in Go / No-Go before production release
- Management of compliance campaigns: privileged accounts, firewall rules, patching, Log4j remediation
Risk Management- Development and monitoring of risk sheets: signatory validation workflow, information collection, action plan monitoring
- Management of security exceptions and associated validation workflow
- Monitoring of mitigation plans and risk indicators
IAM / PAM- Identification and remediation of non-compliant privileged accounts
- Justification, deletion, and compliance of accesses
- Support for teams in the deployment of CyberArk
Vulnerability & Firewall Management- Analysis of internal and external vulnerability scans
- Management of remediations with technical teams
- Review and remediation of firewall rules following group audits
- Société GénéraleBusiness Continuity & Cyber Crisis ConsultantBANKING AND INSURANCEJuly 2016 - June 2019 (2 years and 11 months)Paris, FranceMission focused on operational resilience and cyber crisis management, involving business continuity & cyber crisis, combining executive awareness and operational management of the system.Cyber Crisis Management
- Executive awareness of cyber crisis management (workshops, exercises, dedicated materials)
- Maintaining operational readiness of the crisis system: updating procedures, reflex sheets, crisis directories
- Organizing and facilitating cyber crisis exercises
Business Continuity (BCP)- Participation in the development of internal controls for business continuity
- Management of BIA (Business Impact Analysis) campaigns: scoping, collection, consolidation, reporting
- Improvement and maintenance of user fallback plans
- Continuous improvement of the overall BCP system
Recommendations
Be the first to recommend Farah
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master 2 Information Systems SecurityUTT2015Master 2 Sécurité des Systèmes d'Information
- Master in Computer Systems and NetworksFST2014Master Systèmes Informatiques & Réseaux